Vice-President of the European Commission responsible for the Digital Agenda

Using cybersecurity to promote European values

Launching the EU's Cybersecurity Strategy press conference /Brussels

7 February 2013

We are all here because we recognise the Internet is important: for our economy, for our values, and for our human rights. We all recognise that insecure systems could harm those benefits. And we recognise that we need to work together, within the EU and internationally, to achieve a safe and free internet.

We rely on the internet for ever more services – from shopping and socialising, to healthcare, education, and smart transport.

But the more we depend on it – the more we depend on it to be secure. Staying open and free is essential to online innovation. And there is no true freedom without security – not when you're walking down the street, and not when you're online.

As Cathy and Cecilia will demonstrate, there are many different actions to ensure cybersecurity. But they complement each other: for example, to be taken seriously by international partners, we must get our own house in order.

We are all familiar with cyber-incidents and their consequences. From phishing scams and identity theft; to the case of Dutch certification company Diginotar; to the outages for millions that can follow natural disasters like storms.

We need to protect our networks and systems, and make them resilient. That can only happen when all actors play their part and take up their responsibilities. Cyber threats are not contained to national borders: nor should cybersecurity be.

So our strategy is accompanied by a proposed Directive to strengthen cyber-resilience within our single market. It will ensure companies take the measures needed for safe, stable networks.

In the Diginotar case, they did not report that their systems were hacked, nor did they revoke the digital certificates. And that resulted in certificates being fraudulently issued and circulating online; ultimately undermining trust in the system.

Under our proposal, sectors using telecoms networks in ways vital to our economy and society – energy, transport, banking, healthcare, and key Internet companies – would have to manage risks; and report significant incidents, as we already require for the telecoms sector.

The EU's member states should be sufficiently equipped to protect themselves – like with competent authorities for network and information security, and well-functioning computer emergency response teams. They should also cooperate and share at EU level.

And I want a European security industry to play its part too – strong and trustworthy. With the right investment in research and development, and the right policy framework, we can take security research and turn it into commercial reality – right here in Europe.

Europe needs resilient systems and networks. Failing to act would impose significant costs: on consumers, on businesses, on society. A single cyber incident can cost from tens of thousands of euros for a small business — to millions for a large-scale data breach. Yet the majority of them could be prevented just by users taking simple and cheap measures.

Already today, cyber incidents disrupt millions, undermining trust in the online world. By working together we can boost that confidence, protect European values, and help Europe become a connected, competitive continent.